- there should be a very permissive crossdomain.xml file on
search.twitter.com;
- the firehose does not host a crossdomain.xml file for its production
usage; and
- twitter.com and api.twitter.com have restrictive crossdomain.xml
files.
to my understanding (but correct me if i'm
as i said, unfortunately, i'm not comfortable relaxing the crossdomain file
on api.twitter.com until we more carefully analyze our own stack that is
running there. we completely agree with your statements here, and we will
gladly listen to anybody who wants us to relax the file -- but, you're all
yup - totally :P just giving you an update that it's been low on our
priority list :P
twitter now has a dedicated security manager, so i have just elevated this
to his attention.
On Mon, Apr 12, 2010 at 9:27 AM, Orian Marx (@orian) or...@orianmarx.com wrote:
Totally understood. You shouldn't be